SHA256: e7c2a29cbefe112d29d19aa6e5f54cc87895e6bfb18017675e28ca01e80fe663
File name: PIC6757624499074533-JPG-www.facebook.com.exe
Detection ratio: 23 / 43
Analysis date: 2011-02-10 16:28:17 UTC ( 3 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Spyeye 20110206
AntiVir TR/Kazy.11182 20110210
Avast Win32:Malware-gen 20110210
Avast5 Win32:Malware-gen 20110210
BitDefender Gen:Variant.Kazy.11182 20110210
ClamAV BC.Heuristic.Trojan.SusPacked.BF-6.A 20110210
Comodo Heur.Suspicious 20110210
DrWeb Trojan.Spambot.9818 20110210
Emsisoft Trojan.Win32.Sasfis!IK 20110210
F-Secure Gen:Variant.Kazy.11182 20110210
Fortinet W32/SPYEYE.SMEP!tr 20110210
GData Gen:Variant.Kazy.11182 20110210
Ikarus Trojan.Win32.Sasfis 20110210
K7AntiVirus Riskware 20110210
McAfee Artemis!A806E1BF5D3C 20110210
McAfee-GW-Edition Artemis!A806E1BF5D3C 20110208
Microsoft Backdoor:Win32/IRCbot.gen!M 20110210
NOD32 IRC/SdBot 20110210
Panda Trj/CI.A 20110210
Rising Trojan.Win32.Generic.12791163 20110210
Sophos Mal/Zbot-AV 20110210
TrendMicro TROJ_SPYEYE.SMEP 20110210
TrendMicro-HouseCall TROJ_SPYEYE.SMEP 20110210
AVG - 20110210
Antiy-AVL - 20110210
CAT-QuickHeal - 20110210
Commtouch - 20110210
F-Prot - 20110204
Jiangmin - 20110210
Kaspersky - 20110210
Norman - 20110210
PCTools - 20110210
Prevx - 20110210
SUPERAntiSpyware - 20110210
Symantec - 20110210
TheHacker - 20110208
VBA32 - 20110210
VIPRE - 20110210
ViRobot - 20110210
VirusBuster - 20110210
eSafe - 20110209
eTrust-Vet - 20110210
nProtect - 20110202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-05-23 00:52:02
Entry Point 0x0005F130
Number of sections 3
PE sections
PE imports
RegCloseKey
ImageList_Draw
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DragFinish
PathIsDirectoryA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:05:23 01:52:02+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49152
LinkerVersion: 8.4
EntryPoint: 0x5f130
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 7.3
OSVersion: 8.4
UninitializedDataSize: 339968

File identification
MD5 a806e1bf5d3cb2bd63f64f6a32522023
SHA1 b7f4ce0be6525141f12edb99d7741f2d35c4db7e
SHA256 e7c2a29cbefe112d29d19aa6e5f54cc87895e6bfb18017675e28ca01e80fe663
ssdeep 768:380vi7doEY+hJdaC14FT8bV34IWp8B1ZKxcn8U9y3mXeb260p1b:M0v+JgdT6VVC8B1Q/8ygebO1

File size 49.0 KB ( 50176 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-02-08 23:54:54 UTC ( 3 years, 2 months ago )
Last submission 2012-12-07 01:03:25 UTC ( 1 year, 4 months ago )
File names images726
a806e1bf5d3cb2bd63f64f6a32522023b7f4ce0be6525141f12edb99d7741f2d35c4db7e50176.exe
a806e1bf5d3cb2bd63f64f6a32522023
album.php
PIC6757624499074533-JPG-www.facebook.com.exe
755798
F449D352002CE64FC48D0055172DC00007B20C03.exe
a806e1bf5d3cb2bd63f64f6a32522023-album.php?=
album.php.exe
e7c2a29cbefe112d29d19aa6e5f54cc87895e6bfb18017675e28ca01e80fe663.bin
a806e1bf5d3cb2bd63f64f6a32522023.exe
1585427062.malware.sample
gtgcyw.exe
file-1828762_EXE
uhwcva.exe
oupbtd.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
